If I try to connect using RDP 6.1 it works; if I use any modern RDP client (8+) it fails immediately. I'm guessing there is a problem somewhere here with NTLM authentication responses, but I could be wrong.

Interestingly, I can use HAProxy to pass the connection through to a Microsoft Web Application Proxy and then to the gateway without issue (using the same configuration).